<?php
require '../../include/library.inc.php';
require '../../include/admin_login.inc.php';
require '../../include/paging.inc.php';
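// Id of the account being edited. It is read from request parameters and is
// therefore untrusted. It is kept unescaped in $user_id and has to be escaped
// at each point where it reaches SQL or HTML.
// NOTE(review): if user_id is always numeric, casting it to int here would be
// a stronger guard than per-use escaping - confirm against the users schema.
$user_id = (isset($_REQUEST["user_id"]) && is_scalar($_REQUEST["user_id"])) ? (string) $_REQUEST["user_id"] : '';

// Remove the link between this user and a lawyer when law_id is present in the
// query string. Both ids now pass through escape(), the helper this file
// already applies to quoted SQL values, instead of being concatenated raw.
// Assumes escape() performs SQL string escaping - confirm in library.inc.php.
// NOTE(review): this is a state-changing action driven by a plain GET request
// with no anti-CSRF token. Moving it to a POST form with a token also requires
// changing the listing markup, so it is only flagged here.
if (isset($_GET["law_id"]) && is_scalar($_GET["law_id"]) && $_GET["law_id"])
{
	$sql = "DELETE FROM 
               law_users
            WHERE
               use_id = '" . escape($user_id) . "'
			   AND
			   law_id = '" . escape($_GET["law_id"]) . "'
             ";
    query($sql);
}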

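// Give every form field read below (and re-displayed by the template) a
// defined string value, so that a missing or array-valued parameter cannot
// raise notices or reach escape()/md5() as a non-string.
foreach (array('is_submitted', 'email', 'password', 'repassword', 'fullname', 'phone', 'entity') as $post_key) {
	if (!isset($_POST[$post_key]) || !is_string($_POST[$post_key])) {
		$_POST[$post_key] = '';
	}
}
if (!isset($error_message)) {
	$error_message = '';
}
// Default "return to" target is the referring page; the header is optional,
// so fall back to an empty string when the client did not send it.
$redirect = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

// Profile update: validate the posted fields, make sure the e-mail is not
// taken by another account, then write the new values.
if ($_POST['is_submitted']) {
	$error_message = '';
	// NOTE(review): the redirect target comes from a client-controlled hidden
	// field and is handed to redirect() unchecked further down. It should be
	// restricted to same-site locations; what redirect() accepts is not
	// visible in this file, so the check is not added here.
	$redirect = (isset($_POST["redirect"]) && is_string($_POST["redirect"])) ? $_POST["redirect"] : '';

	// Validation runs on the values exactly as submitted. The posted fields
	// are no longer overwritten with their SQL-escaped form: that caused the
	// e-mail to be escaped twice before storage and made the password
	// comparison fail whenever escaping altered the repeated password.
	if (!$_POST['email']) $error_message .= 'Не е въведен E-mail адрес<br/>';
	if (checkEmail($_POST['email']) == 0) $error_message .= "Невалиден E-mail адрес<br/>";
	if ($_POST['password']) {
		if (!$_POST['repassword']) $error_message .= 'Повторете паролата<br/>';
		// Strict comparison: with != two different numeric-looking strings
		// can compare as equal.
		if ($_POST['password'] !== $_POST['repassword']) $error_message .= 'Въведените пароли не съвпадат<br/>';
	}

	if (!$error_message) {
		// Each value is escaped exactly once, where it enters the statement.
		// Assumes escape() performs SQL string escaping - confirm in
		// library.inc.php.
		$email_sql = escape($_POST['email']);
		$user_id_sql = escape($user_id);

		$sql = "SELECT
					*
				   FROM
					 users
				   WHERE
					 email = \"" . $email_sql . "\"
					 AND user_id != '" . $user_id_sql . "'
				";
		$result = query($sql);
		if ($row = mysql_fetch_object($result)) {
			$error_message = 'Вече има потребител регистриран с този e-mail!';
		} else {
			$sql = "UPDATE users SET
					 email = '" . $email_sql . "',
					 full_name = '" . escape($_POST['fullname']) . "',
					 phone = '" . escape($_POST['phone']) . "',
					 entity = '" . escape($_POST['entity']) . "'
				  ";
			if ($_POST['password']) {
				// NOTE(review): unsalted MD5 is not suitable for password
				// storage. The expression is kept as it was (including the
				// escape() call inside md5) so that hashes written here still
				// match whatever the login code computes. Moving to
				// password_hash()/password_verify() has to be done together
				// with the login path.
				$sql .= ",
					 h_password = '" . md5(escape($_POST['password'])) . "' ";
			}
			$sql .= " WHERE
				   user_id = '" . $user_id_sql . "'
				   ";

			query($sql);
			redirect($redirect);
		}
	}
}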
	
	
	
	
	
	
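	// Link a lawyer account to the user being edited, unless the pair is
	// already present in law_users.
	// NOTE(review): the form that posts here carries no anti-CSRF token.
	if (!empty($_POST['is_add_law'])) {
		// law_id is client-supplied; accept only a scalar and escape both ids
		// before they enter the statements. Assumes escape() performs SQL
		// string escaping, as its other uses in this file imply - confirm in
		// library.inc.php.
		$new_law_id = (isset($_POST["law_id"]) && is_scalar($_POST["law_id"])) ? (string) $_POST["law_id"] : '';

		if ($new_law_id !== '') {
			$use_id_sql = escape($user_id);
			$law_id_sql = escape($new_law_id);

			$sql = "SELECT * FROM  law_users WHERE law_id = '" . $law_id_sql . "' AND use_id = '" . $use_id_sql . "'";
			$result = query($sql);
			if ($row = mysql_fetch_object($result)) {
				$error_message = 'Този юрист вече е свързант с потребителя!';
			} else {
				$sql = "INSERT INTO law_users
							 (use_id,law_id)
						   VALUES
							 ('" . $use_id_sql . "','" . $law_id_sql . "')
						";
				query($sql);
			}
		}
	}

	// Emit the admin page header with the page title.
	head_admin("Редактиране на потребителски профил");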
?>
  	
	
	
			
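            <div class="topbuttons">
            	<a href="users.php">Обратно</a>
            </div>
			
            <h3>Редактиране на потребителски профил</h3>
            <?php
            // Every request- or database-derived value written into the markup
            // below goes through sth(), the helper this file already uses when
            // printing full_name in the lawyers table. Assumes sth() HTML-escapes
            // its argument - confirm in library.inc.php. PHP_SELF is included
            // because the client controls the path portion of the URL.
            // NOTE(review): the form carries no anti-CSRF token.
            ?>
            <form action="<?=sth($_SERVER['PHP_SELF'])?>" method="post" enctype="multipart/form-data">
            <input type="hidden" name="is_submitted" value="1" />
			 <input type="hidden" name="user_id" value="<?=sth($user_id)?>" /> 
              <input type="hidden" name="redirect" value="<?=sth($redirect)?>" />
			<dl class="clearfix" style="border:1px solid #ccc; background:#fff; border-radius:10px;">
			
			<?php
			// $error_message is printed as markup on purpose: in this file it is
			// assembled only from fixed strings that contain <br/> separators.
			if ($error_message) { ?>
			<div class="red" style="padding:10px;">
				<?=$error_message?>
			</div><br /><br />
			<?php } 
			// Load the stored profile. The id is escaped before it enters the
			// statement (assumes escape() performs SQL string escaping).
			$sql = "SELECT 
						user_id,
						email,
						full_name,
						accsess,
						phone,
						entity
					FROM
						users
					WHERE
						user_id ='" . escape($user_id) . "'
					
					";
			$result_use = query($sql);
			$row_use = mysql_fetch_object($result_use);

			// Start from empty values so an unknown user_id renders an empty
			// form instead of dereferencing a missing row.
			$email = '';
			$fullname = '';
			$access = '';
			$phone = '';
			$entity = '';
			if ($row_use) {
				$email = $row_use->email;
				$fullname = $row_use->full_name;
				$access = $row_use->accsess;
				$phone = $row_use->phone;
				$entity = $row_use->entity;
			}

			// After a submit, show what the admin typed rather than the stored
			// values, so a rejected form keeps its input.
			if (!empty($_POST['is_submitted']))
			{
				$fullname = isset($_POST['fullname']) ? $_POST['fullname'] : '';
				$email = isset($_POST['email']) ? $_POST['email'] : '';
				$phone = isset($_POST['phone']) ? $_POST['phone'] : '';
				$entity = isset($_POST['entity']) ? $_POST['entity'] : '';
			}

			// NOTE(review): the submitted passwords are written back into the
			// page (now escaped). Leaving both password inputs empty on
			// re-display would avoid putting them in the response at all.
			$password_value = isset($_POST['password']) ? $_POST['password'] : '';
			$repassword_value = isset($_POST['repassword']) ? $_POST['repassword'] : '';
			?>
			<dl class="clearfix" style="border:1px solid #ccc; background:#fff; border-radius:10px; float:left;">
            <dt><label for="email" class="required">E-mail</label></dt>
            <dd class="short"><input class="inputbox" name="email" type="text" value="<?=sth($email)?>" ></dd>
            
            <dt><label for="email" class="required">Име и фамилия</label></dt>
            <dd class="short"><input class="inputbox" name="fullname" type="text" value="<?=sth($fullname)?>" ></dd>
            
            <dt><label for="email" class="required">Юридическо лице</label></dt>
            <dd class="short"><input class="inputbox" name="entity" type="text" value="<?=sth($entity)?>" ></dd>
            
            
            <dt><label for="phone" class="required">Телефон</label></dt>
            <dd class="short"><input class="inputbox" name="phone" type="text" value="<?=sth($phone)?>" ></dd>
			</dl>
            
            <dl class="clearfix" style="border:1px solid #ccc; background:#fff; border-radius:10px; float:left; margin-left:20px;">
			<dt><label for="password" class="required">Нова парола</label></dt>
            <dd class="short"><input class="inputbox" name="password" type="password" value="<?=sth($password_value)?>" ></dd>
			<dt><label for="password" class="required">Повтори парола</label></dt>
            <dd class="short"><input class="inputbox" name="repassword" type="password" value="<?=sth($repassword_value)?>" ></dd>
            </dl>
            
            
			<dd class="submit" style=" clear:both; margin:20px 0 ;">
            <input type="submit" name="submit" id="submit" value="Запиши">
            </dd>
			
            </dl>
			</form>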
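<?php 
// Linked-lawyers panel: shown only when the edited account has accsess == 1.
// It lists the accounts with accsess = '2' linked to this user through
// law_users, and offers a form to link another one.
if($access ==1)
{
	
	$lang = 1;
// The user id is escaped before it enters the statement (assumes escape()
// performs SQL string escaping - confirm in library.inc.php). The layout of
// the statement is otherwise unchanged because Paging receives it as text.
$sql = "SELECT
			u.user_id,
			u.full_name
		FROM
			users AS u, 
			law_users AS l	
		WHERE
		l.use_id = '" . escape($user_id) . "'
		AND
		l.law_id = user_id
		AND
		u.accsess = '2'	
		";


// NOTE(review): sort and sortBy are taken from the query string and passed to
// Paging as received. Confirm that Paging validates them before they reach an
// ORDER BY clause; its implementation is not visible in this file.
if (!isset($_GET['sort'])) $_GET['sort'] = 0;
if (!isset($_GET['sortBy'])) $_GET['sortBy'] = 2;

$paging = new Paging($sql, $_GET['sortBy'], $_GET['sort'], array(2=>"Подредба"), 30);
$result = $paging->query();
	
// Values written into the markup below pass through sth(), which this page
// already used for full_name (assumed to HTML-escape its argument), or through
// urlencode() when they are URL parameter values.
// NOTE(review): the form below carries no anti-CSRF token.
?>
<h3>Добавени юристи(<?=$paging->count()?>)</h3>
		<form action="<?=sth($_SERVER['PHP_SELF'])?>" method="post" enctype="multipart/form-data">
            <input type="hidden" name="is_add_law" value="1" />
			 <input type="hidden" name="user_id" value="<?=sth($user_id)?>" /> 
              <input type="hidden" name="redirect" value="<?=sth($redirect)?>" />
              <dl class="clearfix" style="border:1px solid #ccc; background:#fff; border-radius:10px;">
              <dd style="float:left;"><select class="inputbox w250" name="law_id">
              <?php
			// Offer every account with accsess = '2' as a candidate lawyer.
			$sql_w = "SELECT
						u.user_id,
						u.full_name
					FROM
						users AS u	
					WHERE
					
					u.accsess = '2'	
					";
			$result_w = query($sql_w);
			while ($row_w = mysql_fetch_object($result_w))
			{
				// full_name is stored user data, so it is escaped on output.
				echo '<option value="' . sth($row_w->user_id) . '">' . sth($row_w->full_name) . '</option>';
			}
			?>
	           
			</select></dd>
            <dd>
		<input type="submit" name="submit" id="submit" value="Добави">
            </dd>
			
            </dl>
			</form>
		
           
            
            <?php if ($paging->count()) { ?>
            <table id="listing" width="100%" cellpadding="0" cellspacing="0">
			<thead>
				<tr>
					<td>Име</td>
					<td>Действия</td>
				</tr>
			</thead>
			<tbody>
			<?php
			  $i = 1;
			  while ($row = mysql_fetch_object($result)) {
				  // The name is placed inside a single-quoted JavaScript string
				  // within an HTML attribute, so it is backslash-escaped for the
				  // script context first and then escaped for HTML. The ids are
				  // URL-encoded because they are query-string values.
				  // NOTE(review): the removal link changes state through a GET
				  // request with no anti-CSRF token.
				  $confirm_name = sth(addslashes($row->full_name));
				  $row_id_url = urlencode($row->user_id);
				  $user_id_url = urlencode($user_id);
			?>
					<tr class="<?=(($i%2)?"none":"zebra")?>">
						<td><a href="user_edit.php?user_id=<?=$row_id_url?>" title="Редактирай"><?=sth($row->full_name)?></a></td>
						
						<td class="icons">
							
							
							<a onClick="if (window.confirm('Сигурен ли си, че искаш да премахнеш достъпа на <?=$confirm_name?> , до профила ?')) { document.location='user_edit.php?law_id=<?=$row_id_url?>&user_id=<?=$user_id_url?>'; return false; }" class="delete" title="Премахни">Премахни</a>
						</td>
						
					</tr>
         <?php
              $i++;    
            } 
         ?>				  
			</tbody>
		</table>
            <?php
            } else {
				// The closing table tags are emitted only in the branch that
				// opened the table, so the empty state no longer prints them.
				echo '<p style=" color:red">Няма добавени юристи.</p>';
            }
            ?>
        
        <div class="pagingwrap"><div class="paging">
			<?=$paging->display()?>
		</div></div>
<?php
}

// Close the admin page layout.
foot_admin(); 
?>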